Intrusion Detection With BASE And Snort - Page 3
Let's start with LIBPCAP.
cd into the libpcap directory:
and make / install LIBPCAP:
Next is PCRE.
cd into the PCRE directory:
and make / install pcre-6.3
Now it is time for Snort:
cd into the snort directory:
and make / install Snort with some extra options that are needed:
./configure --enable-dynamicplugin --with-mysql
Snort needs some directories, so let's create them:
Move the Snort files from the installation directory to the directories just created.
cd /root/snorttemp
and cd into snort-2.6.0:
cd snort-2.6.0
and into the rules
cd rules
Now we copy all files from the rules directory into /etc/snort/rules
cp * /etc/snort/rules
We will do the same for the files in the install /etc folder:
Fixing the snort.conf
The /etc/snort/snort.conf needs some tuning to get it to work on your system!
cd /etc/snort
and open snort.conf with nano (or any other text editor)
Change "var HOME_NET any" to "var HOME_NET 192.168.0.5/32" (the /32 limits HOME_NET to that single host).
Setting up the MySQL Database for Snort.
There are many ways to create the snort database.
After creating it, you can test Snort and see if you get any errors with:
snort -c /etc/snort/snort.conf
Exit the test with Ctrl+C
If you get no errors, Snort is set up correctly.
Moving ADOdb and BASE
and move adodb to the root of the www directory:
mv adodb /var/www
Next: BASE (Basic Analysis and Security Engine)
mv base-1.2.5 /var/www/www.example.com/web
and cd into /var/www/www.example.com/web
To enable BASE to write the setup file we need to chmod the base-1.2.5 folder to 757:
chmod 757 base-1.2.5
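Mode 757 lets every local account write to the BASE folder, which is only needed while the setup page writes its configuration file. The script below is an added example, not part of the original tutorial: it lists world-writable directories under a web root and removes the world-write bit once setup is finished. The function names are hypothetical, and it assumes the web root used above (/var/www/www.example.com/web) is passed as the argument.

```shell
#!/bin/sh
# Added example (not from the original tutorial). Function names are
# hypothetical. Uses only POSIX find/chmod options.

# Print every directory under $1 that "other" users can write to,
# e.g. the base-1.2.5 folder after "chmod 757".
world_writable_dirs() {
    find "$1" -xdev -type d -perm -0002 -print 2>/dev/null
}

# Remove the world-write bit from each directory found under $1
# (757 becomes 755) and print how many directories were changed.
# Files are left untouched.
lock_down_dirs() {
    world_writable_dirs "$1" | {
        count=0
        # Read line by line so paths containing spaces survive.
        while IFS= read -r dir; do
            chmod o-w "$dir" && count=$((count + 1))
        done
        echo "$count"
    }
}

# When called with a path, report what is still world-writable there.
if [ "$#" -gt 0 ]; then
    world_writable_dirs "$1"
fi
```

Run it with the web root as the argument to see what is still world-writable, and call lock_down_dirs on the same path after the BASE setup file has been written.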